device-bound-session-credentials/credentials-matching.https.html - external/w3c/web-platform-tests.git - Git at Google

 <!DOCTYPE html>
 <meta charset="utf-8">
 <title>DBSC credentials matching</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="helper.js" type="module"></script>

 <script type="module">
   import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer, pullServerState} from "./helper.js";

   const futureDate = new Date();
   futureDate.setFullYear(futureDate.getFullYear() + 1);

   async function runTest(t, sessionCookieAttributes, requestCookieAttributes, expectCallRefresh) {
     await setupShardedServerState();
     const expectedCookieAndValue = "auth_cookie=abcdef0123";
     const expectedAttributes = sessionCookieAttributes;
     const expectedCookieAndAttributes = `${expectedCookieAndValue};${expectedAttributes}`;
     addCookieAndSessionCleanup(t);

     // Configure server to set the session credentials and the associated Set-Cookie header.
     configureServer({ cookieDetails: [{ attributes: expectedAttributes }] });

     // Prompt starting a session, and wait until registration completes.
     const loginResponse = await fetch('login.py');
     assert_equals(loginResponse.status, 200);
     await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

     // Confirm that a request has the cookie set.
     const authResponse = await fetch('verify_authenticated.py');
     assert_equals(authResponse.status, 200);

     // Delete the cookie, and replace it with a similar cookie with custom attributes.
     expireCookie(expectedCookieAndAttributes);
     assert_false(documentHasCookie(expectedCookieAndValue));
     await fetch('set_cookie.py', {
       method: 'POST',
       body: `${expectedCookieAndValue};${requestCookieAttributes}`,
     });

     // Send a request. Then, confirm refresh was or was not sent.
     const authResponseAfterExpiry = await fetch('verify_authenticated.py');
     assert_equals(authResponseAfterExpiry.status, 200);
     assert_true(documentHasCookie(expectedCookieAndValue));
     const serverState = await pullServerState();
     assert_equals(serverState.hasCalledRefresh, expectCallRefresh);
   }

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Expires=${futureDate.toUTCString()}`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/false);
   }, "Expires attribute in credentials doesn't affect matching");

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Max-Age=86400`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/false);
   }, "Max-Age attribute in credentials doesn't affect matching");

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;HttpOnly`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
   }, "HttpOnly attribute in credentials affects matching");

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;SameSite=Strict`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
   }, "SameSite attribute in credentials affects matching");

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
   }, "Secure attribute in credentials affects matching");

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
   }, "Path attribute in credentials affects matching");

   promise_test(async t => {
     const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;
     const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Partitioned;Secure`;
     await runTest(t, sessionCookieAttributes, requestCookieAttributes, /*expectCallRefresh=*/true);
   }, "Partition attribute in credentials affects matching");
 </script>
	<!DOCTYPE html>
	<meta charset="utf-8">
	<title>DBSC credentials matching</title>
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="helper.js" type="module"></script>

	<script type="module">
	import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer, pullServerState} from "./helper.js";

	const futureDate = new Date();
	futureDate.setFullYear(futureDate.getFullYear() + 1);

	async function runTest(t, sessionCookieAttributes, requestCookieAttributes, expectCallRefresh) {
	await setupShardedServerState();
	const expectedCookieAndValue = "auth_cookie=abcdef0123";
	const expectedAttributes = sessionCookieAttributes;
	const expectedCookieAndAttributes = `${expectedCookieAndValue};${expectedAttributes}`;
	addCookieAndSessionCleanup(t);

	// Configure server to set the session credentials and the associated Set-Cookie header.
	configureServer({ cookieDetails: [{ attributes: expectedAttributes }] });

	// Prompt starting a session, and wait until registration completes.
	const loginResponse = await fetch('login.py');
	assert_equals(loginResponse.status, 200);
	await waitForCookie(expectedCookieAndValue, /expectCookie=/true);

	// Confirm that a request has the cookie set.
	const authResponse = await fetch('verify_authenticated.py');
	assert_equals(authResponse.status, 200);

	// Delete the cookie, and replace it with a similar cookie with custom attributes.
	expireCookie(expectedCookieAndAttributes);
	assert_false(documentHasCookie(expectedCookieAndValue));
	await fetch('set_cookie.py', {
	method: 'POST',
	body: `${expectedCookieAndValue};${requestCookieAttributes}`,
	});

	// Send a request. Then, confirm refresh was or was not sent.
	const authResponseAfterExpiry = await fetch('verify_authenticated.py');
	assert_equals(authResponseAfterExpiry.status, 200);
	assert_true(documentHasCookie(expectedCookieAndValue));
	const serverState = await pullServerState();
	assert_equals(serverState.hasCalledRefresh, expectCallRefresh);
	}

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Expires=${futureDate.toUTCString()}`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/false);
	}, "Expires attribute in credentials doesn't affect matching");

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Max-Age=86400`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/false);
	}, "Max-Age attribute in credentials doesn't affect matching");

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;HttpOnly`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/true);
	}, "HttpOnly attribute in credentials affects matching");

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;SameSite=Strict`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/true);
	}, "SameSite attribute in credentials affects matching");

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/true);
	}, "Secure attribute in credentials affects matching");

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/true);
	}, "Path attribute in credentials affects matching");

	promise_test(async t => {
	const sessionCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Secure`;
	const requestCookieAttributes = `Domain=${location.hostname};Path=/device-bound-session-credentials;Partitioned;Secure`;
	await runTest(t, sessionCookieAttributes, requestCookieAttributes, /expectCallRefresh=/true);
	}, "Partition attribute in credentials affects matching");
	</script>